Posted
by
michael
on Friday February 22, 2002 @09:42AM
from the stormy-weather dept.

EvilDonut writes: "Following the roar of protests following the shut down of the BnetD-project, Blizzard has posted a Battle.net emulation FAQ, citing their reasons to to search out and close any project that allows people to play Blizzard games online without using Battle.net. Their main arguments are software piracy and the ability to control and expire the WarCraft III beta." There's also a brief note from the Bnetd people, included below.

From: "Tim Jung"
Subject: bnetd.org shutdown

If you would like more information on this please feel free to contact me. I am
one of the developers and the hosting ISP for www.bnetd.org. I have talked at
lenght with both the Blizzard/Vivendi lawyers and with EFF lawyers about our
options both as an ISP and as a developer.

As an ISP I did not force the group to do anything, but rather presented them
with all the legal information I have recieved and asked them what they wanted
to do. As you can imagine neither my company nor any of the developers have the
money to fight the Blizzard/Vivendi lawyers at this time. So until we are able
to get some legal help to fight this we felt we had no choice but to close down
the site for now until the time at which we could fight this legal battle.

yup. but they aint selling the battle.net server software, and have protected it. As I understand it, bnetd is a cleanroom implementation. It was built from the ground up. Nobody stole the code, they're just getting competition that's better and cheaper than they are.

It seems to me that the argument that Blizzard is using - that this is our software and you only have a 'license' and thus have to use our servers to validate them - is exactly contrary to the Adobe case [slashdot.org] that said that EULAs restricting use aren't valid.

From The Register article: Specifically, the ruling decrees that software purchases be treated as sales transactions, rather than explicit license agreements. In other words, consumers should have the same rights they'd enjoy under existing copyright legislation when buying a CD or a book. They can't make copies, but they can resell what they own.

This means that I bought the software, I can use whatever server I want to and Blizzard shouldn't have the right to claim that creating another server is somehow restricting their licensing...

You aren't a lawyer for certain, since you're trying to argue logic 8). Now, as a disclaimer, I'm playing Diablo's advocate here, and I disagree with the stance Blizzard is taking, but the Adobe case means only that you have the right to take your CD and manual and give or sell them wholesale to someone else (presuming you don't keep a copy and you uninstall the game when you transfer it). It does not mean that you have the right to play it as you please while you own it, any more than you have the right to do with a book's contents while you own the book (excluding things that fall under fair use, and playing Blizzard games on a non-Battle.Net server doesn't count as fair use in the eyes of the law).

They're using the DMCA because it's the easiest path, but even without the DMCA they could reasonably press the case the their EULA forbids the use of non-licensed servers, so such use violates the license agreement and terminates your right to use the program at all.

Did they write the alternative server? Why should they be able to prevent other people to reimplemnt servers? Using only traditional copyright law, they cannot do that. And patents won't help against true hobbyists.

Do you want Microsoft to prevent developers from writing import filters for proprietary Microsoft formats?

I'll still buy Blizzard games as long as they provide enough entertainment for the money.

No, you won't. You'll pay money for and agree to Blizzard licenses that permit you very limited rights to use the data and applications that (quite incidentally) came in the boxen with the licenses. You won't read the licenses, nor will you understand that you are agreeing that Blizzard may change the terms under which you may use their content, or revoke your license at any time, or simply withdraw the services advertised on the back of the box, or (in future) wiping the game from your drive, and all without giving you any notice or explanation or assumption of innocence.

You won't care until - despite Blizzard's control freakery - a pirate clones or guesses your CD key, or one of your friends jots it down, with or without your knowledge, or you get sold a returned box that's already been registered - and this actually happened to me, which made for an interesting little debate with the retailler - and you get refused access to Battlenet. Or Blizzard (or whoever group of lawyers happens to own them at the time) just stop providing Battlenet. Then you'll care, but Blizzard won't care, because you agreed to a license that says they don't have to.

Then you'll wish there was a bnetd. Then you'll say "Why did nobody stand up for this when we had a chance?"

You are both right, and wrong. Blizzard does indeed deserve to be able to fight piracy. I doubt many people would have beef with Blizzard trying to go after pirates. However, this is something entirely different. This is Blizzard quashing a product with a legitimate, innocent purpose, simply because pirates might be able to exploit it.

Here are reasons why bnetd was needed:

Battle.net is often slow, or even down.

You can't play on battle.net over certain types of corporate firewalls. On my company's firewall, for example, as soon as second person wants to play evertything gets hosed.

Up until recently, you couldn't play on a lan unless you had IPX enabled.

Based on my use of the product, I can assure you that people trying to use hacked copies were in the strict minority.

This is the IP equivalent of setting fire to a village because it might contain spies. If this kind of "ends justifying the means" logic were applied to any other aspect of life it be considered Draconian, but the DMCA allows this -- companies can prosecute groups whose work may present the slightest threat.

"I just wanted to play starcraft at work... and now I'm going to jail?" *sigh*

"This is the IP equivalent of setting fire to a village because it might contain spies."

Not quite. In this partcular village, the spies have the ability to magically transform other citizens to spies, and quite rapidly. Additionally, these spies have convinced other citizens that being a spy is ok, because the methods to become a spy are so innately simple. After a while, a great deal of spies become the majority.

And I won't. I've already told the folks at Blizzard that if that's how they're going to act then they won't be getting any more money from me - it's obvious they have too much already if they can afford to let the legal dogs loose on something like bnetd.

Hey, voting with my dollars, right? Capitalism in action. Democracy in action. Refusing to purchase Blizzard products is damned American of me!

I doubt Blizzard will care much. I've spent hundreds of dollars on their games over the years but I'm just one joe. Even so, I'm a joe who insists on doing the deed even if it won't count for squat at the end of the day.

Way it goes. Goodbye, Blizzard - too bad you guys opted to stick your heads so far up your asses on this one. I was looking forward to Warcraft III.

Yes, they do. However, they also chose to offer services as part of the price of the software for people to play Blizzard games over the Internet with TCP/IP, which is an open standard for network connections. Any connection can be emulated by figuring out the packet format, so that almost all servers and clients can be recreated for cross-platform compatibility.

So, if they're going to play on the TCP/IP field, they'll either have to figure out a better way to protect their connections, or realize that they'll just have to let other servers emulate their own.

And let me point out that Blizzard openly has said in their various games (like Diablo manuals) that part of the price of their game goes towards pay for the Battle.net servers. That means that if you're a legitimate owner of a Blizzard game, you get to play on the servers you payed for. If you're a pirate, guess what? You can't play on *their* servers. Blizzard doesn't pay for these other rogue servers, so they aren't having pirates sucking their own access. Also, Battle.net servers are where the brunt of all players are at, since they are the official servers and come automatically configured in your game. Playing on BnetD means dealing with less players, and perhaps unstable servers that can disappear at a moment's notice, since there is no single company making sure that they're running properly. You get what you pay for.

Lastly, let me point out again that Blizzard points out that we pay for the servers in the price of the game... and if the servers are down or extremely laggy (which happens often), then the value of the service has degraded below our expectation. If a legitimate gamer is unsatisfied with their multiplayer experience, they should be able to have the freedom to choose a non-Blizzard server to find. Blizzard should be happy about this, since it helps: 1) reduce load on Battle.net servers, and therefore ensuring better connectivity on their server, 2) provide many more choices in servers than Blizzard can afford to pay for, and 3) retain players for future Blizzard games purchase. For instance, I stopped playing Diablo II because of server problems, which can affect my buying decision for future games. Why should I buy Warcraft III if I expect the servers to still be sucky? If BnetD is an option, that could sway me to purchase Warcraft III. I understand that those who know about BnetD don't make up a large percentage of Blizzard's customers, but it is so significant, and they shouldn't assume that they can just alienate a minority to enhance revenue.

It's like holding gun manufacturers responsible for the murders caused by their guns-- madness. How can the manufacturer control what their product is used for? The BNetD folk can't, just as Smith and Wesson can't.

Funny, Smith and Wesson was forced into a deal with the government to prevent a suit.

And also, odd that you would use the example - since municipal gun suits are still trying to get off the ground. Check it out [overlawyered.com].

I'm well aware of that, but unlike smoking cigs (I know you didn't list this as an example, but I'm mentioning it early to get it out of the way in case someone ELSE does) for example, there's really only one use for a gun-- kill or injure people. With smoking though, the big tobacco companies DID try to downplay the possible harms their product did (not releasing studies done internally, not warning the consumer, etc). I think these gun suits won't make it though, I mean there's no logic at all in trying to sue a gun manufacturer because the murderer of your child/spouse/sibling was done with one of their weapons. What, should we go after baseball bat manufacturers too, maybe hockey stick companies? Heck, while we're dreaming up frivelous lawsuits, let's go after knife manufacturers, surely THEY knew that [so and so] was going to slit young [daughters name here]'s throat, right?

Right.

The BNetD people wrote something that generally speaking is benign and causes Blizzard no harm (and in fact, IANAL, but legally thinking, doesn't there 1) need to be enough harm caused and 2) enough infringing uses for it to even get a day in court?). I dunno what their REAL reason is (you know, the one they didn't put in the FAQ), but I imagine it's probably got something to do with them perhaps starting to charge for access.. Which if there was a possibility of open source competition to something like that, I'd like to see it.

Funny, Smith and Wesson was forced into a deal with the government to prevent a suit.

No, S&W chose to enter into a deal with the government in order to avoid a potential government lawsuit. In exchange for the deal, S&W got "favored" status to sell their weapons to the government over other gun dealers. Rather than stand up for Second Amendment rights, S&W caved.

Accordingly, they were promptly villified and boycotted by the gun industry and many of their former customers, and their business has taken severe hits because of that boycott.

Unfortunately, that won't happen here because the "software piracy" issue is something that the entire commercial software industry cares about. The only reason S&W took such a hit was because their position was a 100% reversal of the position of the rest of the industry. There's no way Blizzard is going to get villified by any other commercial software company, and even most of their customers will either be ignorant of, or don't care about, Blizzard shutting down OSS servers.

And also, odd that you would use the example - since municipal gun suits are still trying to get off the ground. Check it out [overlawyered.com].

Yes, that's the point - they're still trying to get off the ground. And in numerous jurisdictions, municipal gun suits have been thrown out because the manufacturer cannot be held liable for the illegal use of its products. The theory behind the decisions is that holding gun manufacturers responsible would be like holding Honda responsible when some idiot, hammered on vodka, hops into his Civic and plows into an oncoming car.

If I bought their product, I should be able to use it any way I choose

That's the problem. You didn't buy it. You licensed it. What you gave them money for was the right to use the software for a specific purpose. That's why companies can "sell" software to corporations that they "give" away for free to non-comercial users. I still don't agree with what they did, but I don't know how much we can do about it. I guess it all really depends on what the EULA says and how enforcable it is.

Had the BnetD servers been created AFTER the release of the full game, I think it would had a better chance.

Have you any idea what bnetd is? It existed before Warcraft III was more than a twinkle in the eye of a marketing hypester, and the information I've seen is that the official source (you know, the one the developers were being threatened for?) never had WCIII support.

What scares me is less the fact that these DMCA lawsuits (or threats of lawsuits) are slowly becoming bolder and bolder, and more the fact that so many people are eager to rationalize them. "If it's the law, it must be right!"

To return to the circular saw analogy, if you buy a circular saw blade from a company that has trademarked the name "Sawdust Blizzard (R)(TM) circular saws" and there is a note on the instruction paper hidden behind the saw blade (the saw blade is sold shrinkwrapped to a piece of cardboard that plainly says it is a 7 1/4" saw blade that will work with most 7 1/4" saws) with a note in tiny print at the bottom that says:

"this circular saw blade is provided as is, without any warranty or useability or safety guarantees, real or implied. By purchasing this saw blade you agree to the terms with are posted on the website www.sawdustblizzard.com and may be subject to change without notice."

On the website (buried behind pages of marketing copy and a note that the 7 1/4" circular saw blade is known to not fit most 7 1/4" saws, and recommending you purchase the new Sawdust Blizzard (R)(TM) 7 5/8" circular saw to most effectively use your Sawdust Blizzard (R)(TM) circular saw blade) is the terms:

By purchasing the Sawdust Blizzard (R)(TM) saw blade you agree not to use this saw for projects not approved by the Sawdust Blizzard Corporation or any of its affiliates. Only members of the Sawdust Blizzard craftsman union may use the Sawdust Blizzard circular saw blade. You may not use the Sawdust Blizzard (R)(TM) circular saw blade in Black & Decker, DeWalt, Mikita, or other circular saw manufacturers. Use of a washer and/or customized bolt to use the Sawdust Blizzard (R)(TM) circular saw with other saws is strictly prohibited and grounds for confiscation of anything built with it. By purchasing the Sawdust Blizzard you are automatically admitted to the union (currently free.) By joining the Sawdust Blizzard (R)(TM) craftsman union, you agree not to use other brands' woodworking products. Union rules are subject to change without notice

Why should the on-line piracy validation be integrated with the server? It is "relatively" easy to split the actual battle.net serving with the vadidation process

Quite correct. If Blizzard is really pro-hobbyist / anti-piracy, their first step should have been to publish the interface to their validation servers and invite bnetd (and any other interested parties) to use it.

Two problems with that. First, they're clearly just asswipes for their own laywers: "Blizzard products are intellectual property, and we are well within our legal rights to protect our products from software piracy" [translation: "You know that EULA you clicked through? Go and read it. You don't own a 'game', you own a 'license', the first clause of which is that we can change or revoke it at any time. How funny is that, butt monkey?" ]

Second, they're possibly concerned that if they make it too easy, then J. Random Hacker could zombie some Windows boxen and start firing random serial numbers at the validation servers in an attempt to find valid keys. I doubt that's really an issue though: a simple or exponential timeout on servicing requests from a given source IP would handle that. Plus, enough packet sniffing would allow a determined hacker to do it anyway, regardless of how obfuscated they try and make it.

OK, I have some sympathy for Blizzard. But anyone who's seen the erratic and tardy responses from Blizzard to the prolific duping and cheating on Bnet will know why there's very little reason to cut them slack on this issue, or to accept that they have gamers' interests at heart. It's about money, and it's about control, and nothing else. Perhaps you think that's enough of an excuse. Or perhaps not.

Notice how they cleverly shift the argument from one of "Why did Blizzard (successfully) attempt to shut down this project?" to "Are you saying you support piracy?" This is what we call a strawman [wikipedia.com], boys and girls.

All they've done is piss off a bunch of people and possibly "prevent" a couple of copies of their games from being the target of copyright violation. Let's see... a couple fewer sales, or the loss of much goodwill? The really determined copyright violators will still find a way, then they'll make their methods known, so they're back to where they were in the beginning with fewer fans.

Notice how they cleverly shift the argument from one of "Why did Blizzard (successfully) attempt to shut down this project?" to "Are you saying you support piracy?" This is what we call a strawman [wikipedia.com], boys and girls.

A strawman is arguing against a warker stance than your opponents actually hold. So what is the stronger stance? What's the real argument here?This is an emulator which would allow people to get around Blizzard's copy protection. I haven't palyed on battlenet in years. They may also have some advertising there, so there might be some loss in ad revenue, though I doubt the ad revenue outweighs the server costs.

All they've done is piss off a bunch of people and possibly "prevent" a couple of copies of their games from being the target of copyright violation. Let's see... a couple fewer sales, or the loss of much goodwill?

I doubt we're talking about just a few sales. Blizzard enjoys a relatively low amount of piracy of it's games that are played online. I even know a couple people who bought the game rather than coppied it because they needed the CD key, and I don't know that many people that play those games. I've also got the question the loss of "much goodwill". Are that many people really surprised by this action by Blizzard? The vast majority of Blizzard's customers won't be surprised, or offended by Blizzard's actions. Even among those that get upset, most will continue to buy and play blizzard's games because the games are of high quality, and the relatively low price of the game is outweighed by the many, many hours of enjoyable play time.

Blizzard isn't being unreasonable or vindictive, they're simply protecting their software so thay can pay their employees and continue to make the high quality games they make.

A lot of people copy games from their friends because it's easy and conveinient, and it's nice to try before buying. A lot of those same people will never bother to actually buy the game, even if they play it a lot. Blizzard's copy protection really only has to make it hard enough that those people buy it rather than copy it.

These are real issues for Blizzard. Arguing that it's only a couple sales and that they will lose good will is the strawman.

If they have reverse engineered in a clean room environment then they haven't stolen any IP. Who taught you it was illegal to write a product that is compatible at the protocol level with someone elses?

Ummm no. This is not a conventional case of cryptography. Blizzard's problem is that they have to decide on an algorithm completely before shipping. Blizzard's games need to have a simple formula and at some point, a function that returns true or false depending on whether a CD key is valid or not. Because this formula lies within the code for Blizzard's games and gets deployed with each game, they cannot change the rules after they ship.

Any service that can validate a CD key or not would be an invaluable service for anyone attempting to determine what that algorithm is. Thus I can see why they would not want to provide that service.

Public key encryption is a tool that solves a completely separate problem, and could not be applied to this task.

This sound like yet another amateur cryptography to me.If they used a proper public key algo they would have no need to keep it secret.

This sound like yet another amateur cryptographer to me.

Before designing any sort of security system, you must understand all of the dynamics of the system. There are many reasons why PK is not helpful here. The biggest one is that using a digital signature of some piece of identifying data would result in *huge* CD keys. Think about it: To have reasonable security, you need to use at least 512-bit keys. A signature with a 512-bit key is 512 bits in size. Even with base-64 encoding that's still an *85-digit* key. Depending on how resourceful your pirates are, 512 bits may not be enough, so maybe you should use 768 bits, which gets you a 128-character CD key. Oh, and you also have to send the information that was signed, and it has to be at least 24 bits, and probably a few more, so add another five base-64 characters there. Anyone typing that enormous thing in will almost certainly make some errors, so you'd better add some more bits for a checksum and an error correcting code.

Further, there is absolutely no point to using PK here at all! If you must use a cryptographic solution, plain old 3DES, or AES, or Blowfish, or IDEA, or whatever decent symmetric key cipher will work great. PK exists to (partially) solve the "key distribution problem", which is the difficulty of securely arranging for a shared key between two parties. There's none of that here. The problem here is for Blizzard to be able to distribute a large number of little piles of bits which users can regurgitate back to Blizzard whenever they want to play on the network. Blizzard makes the numbers, Blizzard verifies the numbers. Using, say, an 8-byte block cipher to encrypt a string containing an ID number padded in some structured way gives you an 11-digit base-64 encoded CD string. Much nicer. I can think of another approach that would allow you to shave a couple of digits off of that without sacrificing significant security.

Really, though, it's not clear that crypto is even required. Choose a random ~64-bit number for each CD key, encode it using base 64 or the like and store it in a database. When a request comes in, look it up in the database. If the number is there, cool. If not, drop the connection.

I should also note that with any solution, there really should be no problem with Blizzard setting up a key verification oracle, because if you use good crypto (or just sufficiently large random numbers) the odds of someone being able to use the oracle to either break the crypto or discover a key are low and infinitesimal, respectively. However, if I were consulting for Blizzard, I would probably recommend that they not do such a thing because (a) it wouldn't do any good, people would just hack the verification code out of bnetd and (b) there have been lots of interesting oracle-based attacks on ciphers in the past, and while none are known for the current crop of strong block ciphers, new discoveries may happen at any time.

If the validator is a private 2048 bit key no way in hell it can be hacked in a reasonable amount of time. This also means that only Blizzard's servers will work anyway unless someone finds a way to introduce the public key into the Warcraft client.

In other battlenet and warcraft are both written without even elementary knowledge of cryptography and security. Otherwise there would have been no need to keep the algorithm secret.

In other battlenet and warcraft are both written without even elementary knowledge of cryptography and security. Otherwise there would have been no need to keep the algorithm secret.

In order to argue this, you have to know an algorithm that can accomplish this. What is a key verification alg that is not in any way compromised by knowledge of the algorithm?

You have to put aside any thought of public-key crypto, because those systems are based on data which can be signed. Here there is no data.

Symmetric cryptography is also useless, for obvious reasons.

The task is complicated by the fact that we must assume the attacker has access to a very large number of valid keys.

We can't really use hash functions, either. The hash function could hash the CD key and accept only if the result has certain characteristics. But this is not practical because then Blizzard would be unable to generate the CD keys in the first place (they would have to reverse the hash to get the keys -- breaking their own system).

Yeah, if it were a 2048 bit key then a user would have to type in the 256-character key code to play Battle.Net - not very user friendly. Also, validating a large number of those keys could be very intensive on the servers (not fun validating 10,000 keys an hour, you know what I mean?)

Blizzard is ultimately doing the right thing in going after people cracking the Beta, IMHO.

I mean, ideally they ought to allow things like bnetd for their published games, since that reduced the load on their real battle.net servers, which I think most of us will agree is often more than they can handle.

Instead of citing security of their protection algorithms, I think they ought to be working WITH the bnetd people -- they need to find a way to allow copy protection while still allowing user-operated servers.

If they need a real example of a system that works, they need look no farther than Half-Life or Quake3 -- they can be played on LANs without authentication, but by and large, you need a licensed copy to play on the Internet.

Instead of citing security of their protection algorithms, I think they ought to be working WITH the bnetd people -- they need to find a way to allow copy protection while still allowing user-operated servers.

This thought crossed my mind too. Instead of shutting down the project, why not cut a deal where bnetd would query Blizzard's validation servers to find out if a license is valid and drop the connection if it isn't.

All things considered, I think it would be to Blizard's advantage to lighten the load on battle.net by allowing other servers. As other posters have already said, it would definitely improve the playing experience which would most likely lead, in turn, to increased sales for Blizzard.

Like any other software, once it hits the hands of someone outside the company it's going to be pirated. I checked Efnet last night, and the iso for the warcraft 3 beta is all over the place. It's sad that people pirate software, but that's the nature of the beast and no reason to shutdown a legit project. Now the bnetd server has gone underground, and will be modified by 3l337 h4X0r5 from here on out, and blizzard will not be able to get any control of that.

Servers that emulate Battle.net facilitate software piracy of Blizzard products by circumventing Blizzard's authentication code. Blizzard products are intellectual property, and we are well within our legal rights to protect our products from software piracy.

We, at Blizzard couldn't figure out how to keep people from copying our software, so we decided to do authentication in the server, and hope no one figures out how to write their own server.

How do CD keys help reduce piracy?

Blizzard uses two main methods to combat piracy: disc-based copy protection and CD keys. As part of the login process, Battle.net authenticates the user's CD key and prevents people from logging in with the same key or an invalid key.

We realize that all attempts to combat piracy are futile. We put these schemes in place more to frustrate legitimate users than to stop determined people from copying our software.

What about software that hasn't been released yet? Wouldn't it be better to have as many people testing the beta version of Warcraft III as possible, even if they are playing on non-Battle.net servers?

The primary purposes of the Warcraft III Beta are to get play-balance feedback and to test our Battle.net servers. Our servers aren't tested if people are playing the Beta on rogue servers. Additionally, the Warcraft III Beta is not intended to be a product demo; when testing ends, we need the ability to terminate the Beta's functionality. Rogue servers eliminate our ability to expire beta versions of our products.

This is just the beginning. We need to be able to, on a whim, terminate your access to a game you rightfully bought. We are testing this scheme under the guise of a "time limited beta test". If we let others run servers, they could play the game they paid for whenever they want!

What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net?

Unfortunately, software pirates have spoiled this situation for hobbyists. We are constantly working to improve Battle.net, and we sincerely hope that one day, no one will see any reason to seek alternatives to Battle.net for playing Blizzard games.

We don't understand why someone else would want to use an alternative to Battle.net. Our software is close to perfect, and who cares about those strange Linux-using customers?

Your games sell millions of copies. Why do you care if a few people pirate your software?

The sales success of a product should not exclude it from laws intended to protect intellectual property. Software piracy needs to be combated at all levels, and at Blizzard we intend to do our part to fight illegal distribution of copyrighted media.

Servers that emulate Battle.net facilitate software piracy of Blizzard products by circumventing Blizzard's authentication code. Blizzard products are intellectual property, and we are well within our legal rights to protect our products from software piracy.

We, at Blizzard couldn't figure out how to keep people from copying our software, so we decided to do authentication in the server, and hope no one figures out how to write their own server.

Unfortunately, this is what the folks at Napster faced. Yes, they may claim that their software is legal, it's just the people that use it for illegal music trading that are the problem. I hope a solution can be found to make this project legit in Blizzard's eyes.

How do CD keys help reduce piracy?

Blizzard uses two main methods to combat piracy: disc-based copy protection and CD keys. As part of the login process, Battle.net authenticates the user's CD key and prevents people from logging in with the same key or an invalid key.

We realize that all attempts to combat piracy are futile. We put these schemes in place more to frustrate legitimate users than to stop determined people from copying our software.

It doesn't matter how stong the copy protection is, someone is going to figure out how to break it. Blizzard's methods are good enough to stop the casual pirates which is, IMHO, most important from a revenue standpoint. Why would a "legitimate" user have a need to be able to use the same key on two different systems at the same time?

See above. Blizzard puts bread on the table by making money through software sales. Why should they be required to open up their scheme to allow others to be able to pirate their software more easily?

What about software that hasn't been released yet? Wouldn't it be better to have as many people testing the beta version of Warcraft III as possible, even if they are playing on non-Battle.net servers?

The primary purposes of the Warcraft III Beta are to get play-balance feedback and to test our Battle.net servers. Our servers aren't tested if people are playing the Beta on rogue servers. Additionally, the Warcraft III Beta is not intended to be a product demo; when testing ends, we need the ability to terminate the Beta's functionality. Rogue servers eliminate our ability to expire beta versions of our products.

This is just the beginning. We need to be able to, on a whim, terminate your access to a game you rightfully bought. We are testing this scheme under the guise of a "time limited beta test". If we let others run servers, they could play the game they paid for whenever they want!

Again, it's their software. And it's a beta. And not intended to be as public of a one at that. If people are able to play the betas indefinitely, then what incentive would they have to buy the final version? I'm guessing a lot of the kiddies could live with a few bugs if they can save $50. Although chances are, they're the ones who are going to pirate the final version anyway.

What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net?

Unfortunately, software pirates have spoiled this situation for hobbyists. We are constantly working to improve Battle.net, and we sincerely hope that one day, no one will see any reason to seek alternatives to Battle.net for playing Blizzard games.

We don't understand why someone else would want to use an alternative to Battle.net. Our software is close to perfect, and who cares about those strange Linux-using customers?

Bottom line, if you don't like it, don't use it. Sadly, I'm sure that that's what a lot of people here are going to do and that's too bad. Why should Blizzard be required to do something that, while it may have legitimate interests for hobbyists, also makes their games easy to pirate?

Your games sell millions of copies. Why do you care if a few people pirate your software?

The sales success of a product should not exclude it from laws intended to protect intellectual property. Software piracy needs to be combated at all levels, and at Blizzard we intend to do our part to fight illegal distribution of copyrighted media.

Business as usual... "War on Piracy..." News at eleven...

Piracy is piracy. The argument that XXX makes lots of money so it's okay to pirate their software just doesn't hold up. Blizzard has gotten where they are because they make good software. If they can't be allowed to do what needs to be done to protect themselves, then what incentive do they have to keep making good software?

We realize that all attempts to combat piracy are futile. We put these schemes in place more to frustrate legitimate users than to stop determined people from copying our software.

Actually, they put those measures in place to attempt to delay the distribution of a working warez version for as long as they possibly can. The majority of sales for most games occur in the first couple of months, and then it slows to a trickle. Just because Blizzard tends to move units in considerably more volume and over a longer period of time does not invalidate their desire to profit from their work during the most critical sales period.

Gamasutra has a feature [gamasutra.com] on the copy protection for Spyro the Dragon. It's a good read, but you have to sign up (free) to read it.

In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys

See above. Blizzard puts bread on the table by making money through software sales. Why should they be required to open up their scheme to allow others to be able to pirate their software more easily?

Please don't comment on issues that you don't understand. This is a bare faced lie, and has nothing to do with encryption or security. Here's why:

There is nothing to stop bnetd from doing this already.

The bnetd server could simply open a socket to a Blizzard Battlenet server, and pass on all packets from the clients until it reaches the key challenge/response. It could then kick clients out if they fail the challenge (although the client should terminate itself if it receives a "go away" from the Battlenet server via bnetd).

Why don't they do this? Because one of the points of bnetd is to provide an independent network to Battlenet, which is buggy and prone to dreadful lag and downtime. Being reliant on Battlenet is counterproductive to the basic aims of bnetd.

However, if Blizzard were to set up separate authentication servers, that do nothing but authenticate encrypted CD keys without having to go through the whole login process, everybody wins. They can keep them up more easily, bnetd can use them with more confidence, and pirates can be kept offline. If the Battlenet authentication servers go down, bnetd could let in anyone, so pirates could only play when Battlenet goes down, and, hey, Blizzard aim for 100% uptime, right? By putting a delay on servicing requests from any given IP, Blizzard could protect themselves against crackers just throwing random packets at them, but they don't really have to, because unless you know the client side encryption scheme, that still doesn't help you get valid keys that you can use.

There is exactly zero implication for security. The bnetd server would send on exactly the same encrypted client packet that it already receives. All packet passing is verbatim, there is no need for Blizzard to reveal any details of their encryption scheme. Bnetd doesn't even need to know what a "yes/no" response from the Blizzard servers looks like, although it would be trivial to sniff, and better if they did know, as they could then forcibly terminate the client.

Reminder: bnetd could do this already. Your ISP's routers are doing this already.

There is one slight caveat. Blizzard might have done something "clever" like pack the result of a getpeername() into the CD key packet as Netrek [netrek.org] does with it's RSA packets to stop people inserting hacked "borg" clients between an unhacked client and a server. But there would simply be no reason for Blizzard to do this, and it would actually be counterproductive, as it would place a known and easily manpulated piece of data into the encrypted CD key packet, give a hint as to the encryption scheme used.

To recap: this particular statement from Blizzard is a big fat lie. I'm a professional network programmer, and I've hacked enough lousy and not so lousy encryption schemes to know. If you disagree, please spell out where the security hole is, because I'm simply not seeing one.

This is just the beginning. We need to be able to, on a whim, terminate your access to a game you rightfully bought. We are testing this scheme under the guise of a "time limited beta test". If we let others run servers, they could play the game they paid for whenever they want!

Do you have any actual information to support this bit of deep and foreboding paranoia, or are you simply attributing the worst possible motives to someone you happen to disagree with? Be honest.

We don't understand why someone else would want to use an alternative to Battle.net. Our software is close to perfect, and who cares about those strange Linux-using customers?

Perhaps I'm missing something, but how does a Linux implementation of the server magically create a Linux client? If there were a Linux client - and to my knowledge there are no Linux version of any Blizzard games - they would have no problem playing on Blizzard's main server, assuming they had a valid CD key.

Nope. At this point it's just raving paranoia. But look at the trends, and what other software houses are doing. Everyone is looking for ways to remotely shut down users. When you've already become filthy rich selling software, the next logical step is to become richer by holding your users hostage.

If there were a Linux client - and to my knowledge there are no Linux version of any Blizzard games - they would have no problem playing on Blizzard's main server, assuming they had a valid CD key.

Yes, they would, for the very same reason I have problems playing on Blizzard's BattleNet servers with a windows client. Their BattleNet servers are overloaded, full of spamming jerks, and are completely unusable for any group of people trying to play a game together.

That is why my friends and I setup our own bnetd server.
When we login to our own server, we can actually find each other. We can all join the game that someone creates. We don't get incessant messages while we are playing: to join a clan, visit a site, or make money fast.

We all have legitimate copies of the game. Blizzard made their money from us. Let us play the game.

I'm a user of FSGS so I can play starcraft multiplayer games - here's why

My network consists of two segments, a wireless ethernet segment and a wired 10Mbit segment. Inbetween these is a linux machine with an ADSL connection to the internet.

Starcraft is UDP based, it's a horrendous amount of firewall hacking to get the three (or more) machines behind the firewall to play on battle.net. I can't use IPX since the linux machine won't forward the packets across network segments.

It was trivial to install FSGS on the linux server and point all the clients at it - hey presto - we have working network play *even* if my ADSL line is off.

What did I do that was illegal ?

Incidently I have to use a cracked version of Starcraft on the laptop because it only has one pcmcia slot so it can only use one of the network or cdrom at anyone time.

DCMA isn't valid outside the US. Host the server software and source outside the US. Find yourself a European or Russian ISP willing to do it.

The only legal recourse for Blizzard is to try to shut down individual game servers residing in the US (small potatoes), or to try and track down developpers individually should they also reside in the US.

If you're an american developer for this, just deny any involvement from this point on.

I use bnetd to play starcraft on linux on lan. I'm not going to put ipx just for one game.Yes, I did buy the game, and yes I use winex to play it.I also happen to be the geek to call for a few tens of persons when they have a technical problem or to talk about games.I'm going to advice all those persons to never again buy a blizzard/vivendi game until this affair is settled between vivendi and bnet. There is obviouslly something better to be done for vivendi than to piss off fans with stupid useless legal moves.Piracy is not harmed by this move, nor helped by the existence of bnet.

Q. What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net?
A. Unfortunately, software pirates have spoiled this situation for hobbyists.

"Software Pirates" didn't spoil this for hobbyists. *Blizzard* spoiled it for hobbyists. In the style typical of any arrogant corporation, they don't care what their customers want; they just want to control every aspect of everyone's interaction with them. (IMO, this is typified by the horribly buggy CD copy protection on Diablo II -- ever try to play it with more than one CD-ROM drive, or the CD not in the first drive? Feh. They'd rather keep legitimate buyers from playing (hell, they already have our money) than risk letting even *one* "software pirate" slip through the cracks!)

Don't let Blizzard fool you. *They* are the ones who are causing problems here, not bnetd. What ever happened to "innocent until proven guilty?" (Yes, I know it's a legal principle, but it used to be widely practiced even by ordinary people... until the lawyers found they could make more money by pre-shafting people, so to speak.) Anyway, just my $0.02.

easy solution, when the check is made 2 keys are sent, one for the server, one for the client. The client checks the server and the server checks the client. Now you could hack the client and the server but the % of people that will go to the trouble of running a hacked client to play on hacked servers (that will probably be rife with cheating (duh they already broke the rules what's to stop them from turning on god mode) is probably pretty low. Plus it's not like they are secure now, there ARE keygens already that work for Blizzard games. Warez groups have bought enough copies of the games and gotten enough keys through elegitimate means that they have laready analyzed the keyspace and figured out what Blizzard is doing. Their protection is already dead, bnet costs them a ton to run and they are looking for a scapegoat. The D2 realms have been unplayable because Blizzards shitty ass coders left so many buffer overflow vulnerabilities in the server code that crackers are constantly testing them to see if they can't get the server to dupe items for their chars. I will be buying War3 despite this BS

...is that they want to restrict online Blizzard gaming to Blizzard servers so that they can keep track of their users. They want to know how many people are playing their games online, probably for metrics data collection and marketing (advertizing) data.

Don't get me wrong, it is well within their right to do so. Blizzard has been put into a tough spot by these server emulators, because they are forced to choose between an uncontrolled environment (which leaves the very real possibility of piracy), and high server load and an irate community that somehow feels that their rights are being violated.

You don't have to agree with their position (which I personally do) but at least understand the reasons WHY they are taking this stance.

It's funny, there's actually a pretty simple solution to all of this, which neither Blizzard or the/.-ers want to admit: Blizzard just needs to release a legitimate version of the B.Net server, with CD key checks enabled, that anybody can use to start up a B.Net server. This should solve both the complaints of those, like me, who own a legitimate copy a game, but have never been able to actually get a game up and running on B.Net with friends due to the servers being so overloaded, and Blizzard, who seems to just be worried about piracy. But, that would be giving the customer freedom of choice, now, wouldn't it, and then Blizzard couldn't start charging for access to B.Net eventually.

Blizzard just needs to release a legitimate version of the B.Net server

This is a great idea. A couple problems though:

The current battle.net server is an in-house application, which means (since they probably didn't develop it with a public release in mind), it's probably (a) really warty (not that this would matter to the average buyer) and (b) probably horribly coupled to all kinds of internal proprietary servers. I mean, look at Bugzilla [mozilla.org]; it's successfully used by a lot of projects, but it started as an in-house bug tracking system and *it still really shows.* Just try to set it up sometime!

The server would probably only run on Windows, since that seems to be the main audience Blizzard develops for. Or, alternately, if it runs on *nix, their marketing types would probably say, "well, our customers aren't running *nix, so there's no point selling it." Catch-22 here.

Also, with LAN parties combined with Microsoft's infamous "no more than 10 people may connect to a Win2K Pro machine over TCP/IP" (yieh! you're just a *consumer*, a *nobody*, so sit down biotch!), Blizzard's lawyers might warn them about people violating Microsoft's EULA. And heavens, that might be worse than Software Piracy!

With the server released, that would be more code crackers could look at to try to reverse-engineer the CD key algorithm. True, this can be done with the game too, but maybe the authentication is written in perl or some other text based language that would be trivial to reverse engineer.

Blizzard/*Vivendi*. How likely is Vivendi to do anything that even resembles giving customers freedom? They're all about control of "consumers," nowadays.

Blizzard tech support, like any large tech support organization, is already overworked from idiots emailing them about trivial problems. At least they probably have a good procedure in place for dealing with this though. Server software is a completely different ballgame, and they'd probably have to hire new staff just to deal with it. To their minds, this could be just more money down the tube.

So basically I agree with you, but with the analysis for blizzard = spending more $$ on development + spending more $$ on tech support + fear of "software pirates" + general belligerence, I doubt it will ever happen. Oh well, we can always hope, right?:-)

Typical Bugzilla install goes like this: "What!?! I have to download all of CPAN to run a friggin bug-tracking app? You've got to be kidding me! Oh, hey, Redhat 7.2 comes with Bugzilla rpms. I guess it's time for a clean install..."

Unless you run Solaris servers from behind a firewall and can't make CPAN friggin' work (like me). Then, it's time to go beg mgmt. for capital to buy a new x86 box...

--to see which opensource Diablo lookalike is furthest along and offer your support towards its development.

If you want a real laugh, make it use the bnetd as its server [bnetd is GPL after all], so bnetd server can no longer be primarily regarded as a piracy tool [if it ever was]

Game development takes a long time and several years of effort, so a complete start from scratch to produce something that operates in a similar fashion to Diablo is probably not a good idea, but if you can assist on something that runs on both Linux and Windows you'll rip a lot of their profit base from under their feet. What better way to be avenged ? I suggest the bnetd developers have a look around for a suitable project!

using Kali, a software that's been around since.. 95 at least, http://www.kali.net/ , gamers were able to play IPX game on the net under the guise of "Lan" emulated games. Eventually this evolved to encompass tcp/ip games, such as diablo, allowing users to play together without connecting to battle.net server.

Kali therefor ALSO bypasses the battle.net cd verification software, and has done so for the past 7 years.

Blizzard cracked down on bnetd, for the only reason, that it allowed ten's of thousands of players to play their closed beta unchecked.

Spite is what it really comes down too, as the piracy issue did not affect sales in any way for this beta.

This is, of course, pure bollocks. I could as easily write that "Playing Diablo II in single-player mode facilitates software piracy by circumventing Blizzard's authentication code. What's really at issue is that they don't want any competition for their pay-for-play servers in the future, and are willing to overlook the fact that the bnetd folks aren't the ones who added WC3 support.

Here's the letter I wrote to Blizzard:

Dear Sirs,

I have been a Blizzard customer for many years now. My shelves have accumulated boxes of Warcraft, Warcraft 2, Starcraft, Diablo, Diablo 2,and sundry expansion packs for those games. But I'm afraid actions your company has undertaken have persuaded me that I should stop being yourcustomer.

Like many others, I've been distressed recently by the damage hackers and cheaters have been doing to gameplay on Blizzard's Realms servers on the battle.net service. Duping items, hacking items, skill hacks, and various other methods of cheating have been running rampant. But until now, I've held out hope that Blizzard would take action to address these problems, and deliver on the cheat-free Realms that it has promised since before Diablo 2 was released.

Instead, I've noticed to my dismay that instead of investing its resources to improve the gaming environment for all legitimate players, Blizzard has instead chosen to squander those resources on stifling the innovation of those legitimate players. I speak, of course, of the letter threatening legal action Rod Rigole has sent to the bnetd project, hosted at http://www.bnetd.org. Mr. Rigole claims that this software violates the DMCA, and that it is Blizzard's interest that the software be suppressed.

Putting aside the fact that this is a questionable legal interpretation, given that bnetd is not a means to bypass anti-circumvention techology, does not facilitate copyright violation, and plainly lies within the DMCA'sexemption for reverse engineering done for the purposes of interoperability between privately-created software and preexisting software, and also putting aside the fact that I have never used the bnetd software, I am writing this letter to tell you that it is not within Blizzard's interest to take such action.

As evidence of that, I will offer the fact that your draconian action against a piece of software that only serves to enrich the gaming experience for thousands of your customers, has convinced me that I should not again purchase one of your products.

Note that I'm not asking wether or not they have a reason. Sure, you can limit piracy by controlling every possible environment in which a game is played. But do they have a right to shut down a clean reverse engineered network, just because they use their own network is an anti-piracy device?

If I sell a car, and one of my anti-theft devices is to place some sort of homing beacon under the hood, which is maintained and serviced at special approved dealers, then can I shut down independent mechanics who also service the car?

Thanks for not just folding on this, guys. I was worried for a bit there.

If the DMCA isn't going away, we at least have to show corporations that trying to make unsubstantiated threats will cost them more than they seek to gain -- in terms of popularity of the software and in terms of legal battles. I think they've got very little to stand on here (as opposed to the DeCSS case, which I think the DMCA was basically written for), so good luck in your fight.

I'm disgusted not only by what Blizzard has done, but by the fact that they feel the need to slander the bnetd project as well.

This is from the announcement on battle.net's main page:

Certain programs have been developed that allow users to bypass Battle.net's CD-key-authentication process. Although these programs might have been made with good intentions, they directly promote software piracy by allowing users who have illegitimately obtained our games to play them as if they'd been legitimately purchased. Furthermore, because these programs allow access without a CD key, they render malicious users unaccountable, thereby eliminating Blizzard's ability to protect legitimate consumers. Therefore, Blizzard has taken an aggressive stance opposing the use of these programs.

This paragraph contains at least on case of spin-doctoring, as well as one outright lie:

"Certain programs have been developed that allow users to bypass Battle.net's CD-key-authentication process." Technically, this is true, but it's a gross misstatement of the bnetd project's aims. This sentence implies that circumventing copy-protection was bnetd's primary purpose, when in fact it was not.

"...they directly promote software piracy by allowing users who have illegitimately obtained our games to play them as if they'd been legitimately purchased." Again, making it sound as though that's the primary goal of the program, and ignoring the fact that the bnetd team asked Blizzard if they could implement CD-key checking.

"Furthermore, because these programs allow access without a CD key, they render malicious users unaccountable, thereby eliminating Blizzard's ability to protect legitimate consumers." This is a lie, pure and simple. Blizzard will stll be able to protect leigimate users on battle.net from malicious ones; the existence of bnetd won't change that one bit. Bnetd poses no danger to batle.net users, and claiming that it does is scurrilous. Blizzard is fabricating this to make users think it's acting in their interests. It's not.

For me, the real issue is the way that the shutdown was ordered... Entire sites get shutdown as a result of vague hand-waving

We want you to shut down the entire site because we think that there are some files somewhere within that may, one day -- when the moon is blue and the sun is red -- be able to be used to violate copyright of something we own
But we're not going to tell you what, where why or how -- so unless you're really good at guessing, you really are going to have to shut down the entire site.

Any law that allows free speech to be infringed on the basis of such vague complaints should, itself, be struck down on the basis of it's vagueness. If an accused can't make a reasonable response to an accusation, it should not be considered a real accusation.

Although this is not a tactic I would take if Blizzard were my company, since I strongly disagree with it, I'm not sure that I can really blame Blizzard here. Piracy is a problem, and they are just trying to protect their investment. The problem isn't so much that they're using the tool available to them, but that it is available to them. The DMCA is a bad law, and we would be much better served trying to get overturned than we would be continually pressuring companies that use it to back down. Of course, the best way right now to attempt to get the DMCA overturned may be the bnet people taking Blizzard to court and attempting to fight the law. Unfortunately, I think it may take the Supreme Court to see the illogical nature of the DMCA and overturn it (although I actually have quite a lot of faith that they will).

Bnetd isn't the least of Blizzard's problems right now. If you haven't been following the Diablo saga, here's a short history.

Diablo I was quickly prone to excessive hacks because all character information was stored client-side.

Diablo II was released under the premise that character data was unhackable under a secure server. However, packet sending programs became capable of producing duplicates of godly items, and more recently hack into item properties, and bring characters up to essentially infinite skill levels. Essentially, Diablo I all over again (a big reason for this IMO is that Blizzard does not disallow the selling of game items and characters on ebay, as do the makers of Ultima Online and EverQuest).

After the most recent wave of hacks (typically a new hack is produced, and its use becomes so widespread that Blizzard has to patch it to get it's servers running again), Blizzard announced that it had deleted accounts [battle.net] found sending bogus packets.

Up to WarCraft III all Blizzard products have been free to play on Battle.Net. If they can't be more proactive in securing their servers, the prospects for World of WarCraft, their monthly payment MMORPG under development, does not instill one with confidence.

What does this posting by Blizzard mean? It means that within a day they had already recieved enough protests to put this FAQ up.

What does this mean for us? Keep up the fight! Send in more emails letting them know that their explanation still does not make up for their despicable actions! Tell them that you will continue to spread the word, and push for a total boycott of Blizzard products until they relent and learn to behave like decent members of a free society.

Hmmm....seems like Blizzard didn't make any move to shut down bnetd until they discovered people playing the Warcraft III beta on it. So it stands to reason that they'll happily allow continued development of bnetd after the Warcraft III beta ends.

What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net?

Unfortunately, software pirates have spoiled this situation for hobbyists. We are constantly working to improve Battle.net, and we sincerely hope that one day, no one will see any reason to seek alternatives to Battle.net for playing Blizzard games.

Prior to this action by Blizzard, I had no reason to use bnetd servers. Now I have one.

What follows is my personal response and does not necessarily represent the beliefs of any persons working on the bnetd project. Also, although I am not currently a member of the bnetd [bnetd.org] project, Blizzard's actions have prompted me to support this open source program in whatever way I am able.

"Although these programs might have been made with good intentions, they directly promote software piracy..."

The software, bnetd, no more promotes piracy than a crowbar promotes breaking and entering. Just as a crowbar can be misused, bnetd emulator can also be misused. A lock pick set is illegal here in California without a license because its primary purpose is to circumvent security. No license is required to own a crowbar or hacksaw just because these devices might be used in an illegal manner.

I'm a legitimate consumer. I own just about everything ever made by Blizzard. Your disrupting the development of bnetd has interfered with my ability to play the game. Shutting down bnetd is a violation of my fair use of software I legally own. Please explain the logic used to derive at the conclusion that disrupting my ability to play is actually helping me.

"we are well within our legal rights to protect our products from software piracy"

No one disputes this right, but you have not gone after the pirates any more than the police would by going after the manufacturer of crowbars.

"In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys."

Security through obscurity is no security at all. Your algorithm with be reverse-engineered, eventually. When that happens, the inherent weakness will be public knowledge. CD key generators are already floating around the web. Obviously, the security of the CD keys has been seriously compromised. If you make the CD key verification code public, it can be implemented into bnetd and most users of the program will, no doubt, implement. In truth, the CD key verification should not be necessary. The game will not run without a valid game CD in the drive. If something is circumventing this verification, is is completely unrelated to bnetd. We are not pirates and we do not like pirates.

"Unfortunately, software pirates have spoiled this situation for hobbyists."

No, Blizzard - you have. The pirates are always going to be there, regardless of what you do to legitimate owners of the games.

"We are constantly working to improve Battle.net, and we sincerely hope that one day, no one will see any reason to seek alternatives to Battle.net for playing Blizzard games.

You have? When did this happen? Diablo 2:LoD has been virtually unplayable for several months now. Why do you think we seek an alternate closed realm? Since Blizzard has obviously abandoned the game to the hackers and cheaters, we have been forced by you to come up with our own solution. If you actually made an attempt to do something about the horrid condition of the realms, we might not be setting up our own realms. We want a nice place to play the game, free of cheaters and dupers. You won't give this to us; so, like an abandoned step-child, we must try to go our own way.
With the state of the realms in a perpetual state of self-destruction due to Blizzard's neglect, and with Blizzard's complete lack of interest in making existing customers happy, I have decided there is no reason to purchase another Blizzard product ever again. You have lost a customer. How many will you have to lose before you realize you must SUPPORT YOUR EXISTING CUSTOMERS.
During the previous duping exploit a few weeks ago, a Blizzard talking head said they had "come up with a solution that should be satisfactory to most people." We're still waiting. When is this mythical solution going to be implemented? Perhaps when he said "most people" he was referring to the Blizzard marketing division and the dupers. I'm sure the the only people satisfied with Blizzard's non-solution will be the marketing people (they are hoping it will drive people to their new game) and the dupers (they are free to abuse the realms to their heart's content).

I find it interesting that they concede it may have been developed for purposes other than piracy. I think that could hurt them legally.

From: "Rob Beatie" To: aexia@yahoo.comSubject: RE: One less copy of Warcraft 3 sold

Certain programs have been developed that allow users to bypass Battle.net's CD-key-authentication process. Although these programs might have been made with good intentions, they directly promote software piracy by allowing users who have illegitimately obtained our games to play them as if they'd been legitimately purchased. Furthermore, because these programs allow access without a CD key, they render malicious users unaccountable, thereby eliminating Blizzard's ability to protect legitimate consumers. Therefore, Blizzard has taken an aggressive stance opposing the use of these programs.

Please take a moment to read through our FAQ regarding these issues at http://www.battle.net/support/emulationfaq.shtml if you have any questions or concerns about Blizzard's stance on software piracy. {WR655}

Thanks to your ill-considered invocation of the DMCA, you have one less customer now. I've used alternative server software(bnetd) to play over the Internet because battle.net is laggy and full of cheaters, hackers and other assorted morons. It's simply not a fun place to play.

Creating my own server allows me to play in peace, without lag, with my friends. It's not to promote piracy; it's to play the *game*, not a "license", I paid money to buy. It's mine and I'll play it however the hell I want to.

I'm sure you'll sell plenty of copies of Warcraft 3 anyways, but you won't sell one to me until you catch a clue.

Unfortunately, software pirates have spoiled this situation for hobbyists.

1201a of the DMCA [gpo.gov] reads:
''(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
''(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls
access to a work protected under this title;
''(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title;
or
''(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing
a technological measure that effectively controls
access to a work protected under this title."

It does not take a lawyer to know that bnetd is not a "circumvention device" under the DMCA, and by saying that the "pirates" "spoiled" it for the rest of legitimate users, they are even admitting that there are substantial legal uses and bnetd is not "primarily designed" to circumvent a copy prevention mechanism.

You're right, they wouldn't stand a chance if they went to court, assuming you mean bnetd.

Most people are missing the key fact here of the timing of Blizzard shutting them down. Blizzard didn't do it when they first heard about it, for reasons that many have stated here already. There are many legit reasons why you'd want to run a Starcraft/Diablo server. Blizzard's problem with bnetd only started when functionality to allow Warcraft 3 to run was added. War3 is not a product. (yet) There are absolutely zero non-copyright infringing uses for bnetd to be War3 compatible right now. People who joined the beta signed up to help blizzard test the game in exchange for being able to play ahead of time (for free!). They don't have the right to be able to play on their own servers because they agreed to play on b.net, nor do they have the right to give it to anyone they want. These were conditions of being able to be in the beta in the first place.

It's only normal to assume the worst of a large corporation and in many cases I would agree, but in this case (as I understand it) I do not. How else do you explain the other projects which allow for b.net emulation (fsgs etc) that exist and have for quite some time without problems from Blizzard and are not being shut down by Blizzard.

If what I believe to be true regarding this matter is in fact true, I have no problem with Blizzard doing this, DMCA notwithstanding.

I'm wondering if they are even going to bother trying to defend this or if they have already given up. If the hobbyists consider this an important thing, then I guess it's time that we all coughed up some cash to help protect it.

Honestly I'm beginning to think that the last bastion if influence individuals can have on the system is writing checks to help pay for the legal defense of the various little guys who are getting stomped on. I mean boycotts are of fairly limited value unless you can get together a large group of people and get some media attention. Personally I would love to see them fight this because I think they've got some solid legal ground here. So if the EFF, or some other group is going to start up a defense fund for these guys, let me know, I'll chip in.

If Blizzard phased out a product, then bnetd.org would fall under the DMCA's protection against obsolesence. That would be something we would be looking for because then when Blizzard brought suit against bnetd.org, the people responsible for bnetd could ask EFF to write up the legal documents to ask the judge to throw out the case on those grounds.

EA Originally DID shut down the UOX project which let ultima online users run their own servers for free instead of for pay. After the EA servers got overloaded and they couldn't support all the players, they dropped the lawsuits and let people have all the free servers they wanted. Now there are hundreds of free servers and UO is still in existence because of it, and the server load on the main server has dropped dramatically. Battlenet's currently running very close to the same problem. Its servers are laggy, even during non peak hours, and during peak hours its almost impossible to play.

Once again this is the whole licensing crap. If I paid for my copy of Diablo, Diablo II, Starcraft and WarCraft II then I should be able to play them online, but sometimes there are problems with firewalls and what not that render a battle.net server unaccessible. This is neither my fault nor their fault, but they have esentially turned my CD's into coasters.

As for the stuff about CD keys, I think we all know that's just skirting the issue some. The real issue is about control. Blizzard is after complete control just like every other closed software company is. The fact they make kick ass games shouldn't change your view in this case.

One, you aren't modifying the game to run it on bnet. Two, by your own admission, you do own the copy.

If you want to stick it in a microwave, you're free to. If you want to make modifications to it locally and not distribute them, you're free to do that too. Copyright law only says that you can't distribute copies publically or off to random people. It's called 'Fair Use'.

I don't care what the stupid license agreements say. They're largely unenforceable, and morally wrong anyway. If a license agreement in the front cover of a book isn't legally binding, one on the front cover of a DVD box or inside a game box isn't either.

No company's 'ownership' rights reach inside my own house to things I've bought and control. Such thinking leads the way to an invasive police state, and I will have none of it.

i have to object here. battlenet is free only in that there is no monthly fee. but, you certainly pay for it, as a portion of the retail price for the game. think of it as a 15 dollar or 20 dollar lifetime subscription.

if battlenet were free, then you could theoretically play on it with a third party version of starcraft. however, you cannot.

i'm not denying that 50 dollars is a fair value for most of blizzard's games. they make great games, and starcraft is perhaps worth a half point on my gpa.:)

The issue for me certainly wasn't pirating software. I puchased two copies of Broodwar so that my son and I could play.. and I have originals of all other games I play.

The issue was ease of access to cheat-free games. The bnetd server I use allows me to chat with friends and games without a bunch of people around with whom I don't want to talk, allows me to create games more easily without fear of someone else that I don't want in the game jumping in -- in general simply allows for a nicer experience. Further, it used to be that games created on Battlenet had *much* slower response times than those on a private server. Don't know if that's still true. (Creators of BnetD did have a *reason* for all that work.)

(Yes, you can create private rooms, but people still use them whether or not you want them to. You can't password a room.)

I paid the money -- all I'm looking for is a better experience. I get that on the private servers.

I assume you mean a God-given gift. What does God have to do with any of this anyway? They are a for-profit organization so maybe God didn't give them the right to make a profit but US (and French in the case of Vivendi) Law surely does. Actually, they have an obligation to their shareholders to do what they feel is best for the company and that includes making a profit and protecting their IP.

im not sure why they even brought out the argument that bnetd is pirating software.

They never said that Bnetd is pirating. They said that "Servers that emulate Battle.net facilitate [emphasis added] software piracy of Blizzard products by circumventing Blizzard's authentication code."

On a side note - you're 23 (according to your info page) and it is about time you learned how to write your posts in a somewhat intelligible manner.

Each and every example Blizzard cites for their chasing down bnetd is an example of Blizzard trying to control what the consumer does with their software after the point-of-sale. Especially the "we want to expire the Warcraft 3 betas" excuse. They can go after pirates as much as they want, but if I have a legitimate copy they have no right to infringe upon my own rights.

"How in the world is blizzard going to handle complaints and support."

And we have the same, tired old excuse of "But Blizzard will have to support it!" Where the heck do you people get that idea? I answered Dell tech support calls a few years back and I only got support questions about non-Dell peripherals maybe once a day. And I never got a call asking to support hardware that the customer didn't buy through Dell (such as an HP printer).

Customers aren't quite as dense as you seem to think. And this is before you consider the amount of work they'd have to go through to set up a connection to a non-Battle.net server. I will truly be surprised if anybody went through the effort to play StarCraft on one of these servers under the assumption that the server was owned and operated by Blizzard.

At best this is an example of Blizzard using the excuse of a very small minority to infringe upon the rights of everybody.

"It would damage all the work they put into making network play secure and reasonably safe from identity theft."

Then why are they afraid to let it compete with the security of other server operators?

Let's say a bunch of friends and I buy copies of the game, but we only have 56k modems and crappy phone lines to connect to the 'net. Ping times to BNet stink, even on a good DSL connection. Let's also say that none of us have higher-end computers with enough juice to play the game and host a TCP/IP game at the same time, but we do have an extra machine we can tie into the mix. So, we set up a bnetd server locally in order to play some games together, on a halfway decent connection, without the relatively high latency one gets with the official servers, especially during peak times. We have fun, with the game we legally bought.

Just because something might allow something illegal to be done, doesn't mean that it is, in and of itself, illegal. A gun could be used to rob a bank - yet you can walk into a gun shop, or even WalMart (if you're buying a rifle) and buy one. You can even buy ammunition for the gun, although it could cause signifigant harm to someone if you shot them with it. It's perfectly legal to own ammunition, and even use it - for hunting, target practice, etc...

Why don't the servers ask for a CD key? Then leave it to Blizzard to authenticate the key?

Well, there's the pseudo-trojan problem - someone other than the bnetd people modify the code to export the validated CD key to a file (or website, IRC channel, etc...) as being "good" - then publish the list. If they marketed themselves as a different project, they would probably catch quite a few legitimate users before being found out. Those keys they caught would become "public", and pretty much useless.

Of course, with Blizzard doing nothing to prevent the shills on BNet from masquerading as "official" Blizzard employees to con (gullible) users out of their CD keys, account passwords, etc... it doesn't seem like they are all that concerned about protecting their CD key system, in general.

I'm not sure if there is a solution that will be able to authenticate the key without exposing it at some point for retrieval - unless the comparison code is put in the client, rather than the server (so the key is never sent over the network, encrypted or not) - but that opens it up to be patched around. Passing the CD key (in any form) will allow it to be captured, and for the above scenario to take place.

Does Blizzard Entertainment® allow or support other Battle.net® like or emulation servers? Can I host one of these rogue servers?

No. Except as set forth in the next paragraph, Blizzard Entertainment® does not support or condone network play of its games anywhere but Battle.net®. Specifically, you may not host or provide matchmaking services for any of our games or emulate or redirect the communication protocols used by Blizzard Entertainment® in the network feature of its games, through protocol emulation, tunneling, modifying or adding components to the game(s), use of a utility program or any other techniques now known or hereafter developed, for any purpose including, but not limited to network play over the Internet, network play utilizing commercial or non-commercial gaming networks or as part of content aggregation networks without the prior written consent of Blizzard Entertainment®.